Add-KdsRootKey: the request is not supported

Dillon Roe 0 Reputation points
2024-02-05T15:58:40.7466667+00:00

Hello, I am attempting to generate a root key for a managed service account but keep getting this error. I confirmed the modules are installed and it's on a Server 2016; it is also on a 64-bit PowerShell system. Any help would be appreciated.

Windows for business | Windows Client for IT Pros | Directory services | Active Directory
Windows for business | Windows Server | User experience | PowerShell

2 answers

  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2024-02-05T18:56:53.77+00:00

    Hi, do you have at least one domain controller on Windows 2012 or higher?

    Are you using an account with domain admin or enterprise admin privileges? Did you try to launch it from another machine?

    https://learn.microsoft.com/en-us/windows-server/security/group-managed-service-accounts/create-the-key-distribution-services-kds-root-key

    Please don’t forget to accept helpful answer


  2. Anonymous
    2024-02-06T07:29:38.1933333+00:00

    Hello Dillon Roe,

    Thank you for posting in Q&A forum.

    It may be due to incompatible versions of PowerShell or missing necessary modules. Please try checking the things below:

    1. Confirm PowerShell version: Ensure that the version of PowerShell you are using meets the requirements. On Windows Server 2016, PowerShell version 5.1 is installed by default. Please check if the PowerShell you are running is 32-bit or 64-bit. A 64-bit architecture is required to run the Windows PowerShell commands which are used to administer group Managed Service Accounts.

    2. Install necessary modules: Ensure that you have correctly installed all the modules required to run this command. For the operation of generating the root key of the hosted service account, it is necessary to install the "Active Directory" and "Active Directory PowerShell" modules.

    3. Try the steps below:

       (1) Log on to another non-DC in the domain.

       (2) Log on as a domain admin or Enterprise Admin.

       (3) Install/add the RSAT tools (the AD ones in particular).

       (4) Launch the PowerShell AD tool.

       (5) Run the Add-KDSRootKey from the new machine.

    4. Or try the command below (run PS as Administrator):

       Add-KdsRootKey -EffectiveTime ((Get-Date).AddHours(-10))

    Here are two similar threads for your reference.

    https://learn.microsoft.com/en-us/answers/questions/403263/add-kdsrootkey-the-request-is-not-supported-(excep

    https://learn.microsoft.com/en-us/answers/questions/1525203/add-kdsrootkey-the-reqest-is-not-supported

    I hope the information above is helpful. If you have any questions or concerns, please feel free to let us know.

    Best Regards,
    Daisy Zhou

    If the Answer is helpful, please click "Accept Answer" and upvote it.
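A read-only preflight for the checks the answers above list (64-bit shell, elevation, admin group membership, modules, domain controller operating system, existing root keys), added here as an example; it is not code from the thread or from Microsoft. The function name `Test-KdsRootKeyPrereqs` is hypothetical, and the script assumes a domain-joined machine.

```powershell
# Added example: read-only preflight for Add-KdsRootKey. It changes nothing in the directory.
# Assumption: run on a domain-joined machine; AD and KDS queries are skipped if the module is absent.
function Test-KdsRootKeyPrereqs {
    $checks = [ordered]@{}

    # gMSA administration cmdlets require a 64-bit PowerShell process.
    $checks['64-bit process'] = [Environment]::Is64BitProcess
    $checks['PowerShell version'] = $PSVersionTable.PSVersion.ToString()

    # "Run PS as Administrator": is the current token elevated?
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    $checks['Elevated'] = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Domain Admins (RID 512) or Enterprise Admins (RID 519) present in the token.
    # Deny-only group SIDs are not listed, so an unelevated shell can report False here.
    $adminSids = $id.Groups | Where-Object { $_.Value -match '^S-1-5-21-.*-(512|519)$' }
    $checks['Domain or Enterprise Admin in token'] = [bool]$adminSids

    # Kds provides Add-KdsRootKey; ActiveDirectory is installed with the RSAT AD tools.
    foreach ($name in 'Kds', 'ActiveDirectory') {
        $checks["Module $name"] = [bool](Get-Module -ListAvailable -Name $name)
    }

    try {
        if ($checks['Module ActiveDirectory']) {
            # The first answer asks for at least one DC on Windows Server 2012 or higher.
            $dcs = Get-ADDomainController -Filter * -ErrorAction Stop
            $checks['Domain controllers'] =
                ($dcs | ForEach-Object { "$($_.HostName) [$($_.OperatingSystem)]" }) -join '; '
        }
        if ($checks['Module Kds']) {
            # An existing root key means a new one may not be needed at all.
            $keys = @(Get-KdsRootKey -ErrorAction Stop)
            $checks['Existing KDS root keys'] = $keys.Count
            $checks['Newest EffectiveTime'] =
                ($keys | Sort-Object EffectiveTime | Select-Object -Last 1).EffectiveTime
        }
    } catch {
        # Record the failure instead of stopping, so the other results are still shown.
        $checks['Query error'] = $_.Exception.Message
    }

    [pscustomobject]$checks
}

Test-KdsRootKeyPrereqs | Format-List
```

Microsoft's documentation describes the backdated `-EffectiveTime` form as a way to skip the 10-hour wait in test environments with a single DC. In a multi-DC domain, `Add-KdsRootKey -EffectiveImmediately` followed by waiting for replication is the documented path.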
